Confluence SSO/Pass through authenication - via config, plugin or crowd?

Hi all,

We are using Confluecence 4.3.1 and the process has stared to roll it out to our entire organisation.

We now have a request that external users will need a space to access information but we want to keep all our other spaces and information hidden from them.

We have had Confluence integrated with our AD for a couple of years now but with the rollout, staff are starting to complain that they have to log into Confluence even for simple things, like looking up HR polices. So I am looking to have a SSO/pass-through authenication setup so that users don't need to login again to the site aftre they have logged into their workstation.

Is this possible either by the confluence config, a plugin or will I need Crowd? If I need crowd, I have been told to look into the cost of licencing but from what I've read, Crowd is used when you are using multiple Atlassian products and want a single sign in for all of them. While we have other atlassian products in use such as JIRA and Bamboo, they are only for limited users, and are kept seperate from Confluence for now.

Is this sort of integration possible?

4 answers

1 accepted

0 votes
Accepted answer

Hi John,

Crowd is only for Atlassian products so you will have two logins (first Windows, then Crowd).

I never tried to connect a Confluence to an IIS but as I understand authentication via ISS, it uses NTLM. NTLM is still supported but depricated and Microsofts Kerberos is the protocol of choice. And you need an IIS.

I recommend a Kerberos PlugIn for Confluence. Our developers have written plugins and we already realizied SSO/Kerberos solutions in bigger companys. These solutions are working fine.

2 votes

If you are on Windows, you can try using integrated Windows Authentication via ISS.

Sharepoint Connector has the documentation for this. Will it help?

https://confluence.atlassian.com/display/SPCON011/Access+Confluence+using+Integrated+Windows+Authentication+via+IIS

See the known issues before you proceed.

This would probably be a solution but we need to still have anonymous access as the external staff will not have domain logins. Also we don't use Sharepoint in our organisation, though it seems this merely uses a configuration connector and not need a Sharepoint setup. Am I wrong in that thinking?

No need for Sharepoint connector. Authenticator would be sufficient. But anonymous access is not possible via this setup.

You could provide an account anonymous/anonymous in the local Confluence user directory for anonymous access. Then you could integrate a button "log in as anonymous" on the login screen that does the job for you. Then everybody can log in as anonymous...

Hi John,

From the sounds of it, Crowd is indeed the product for you to implement an SSO solution across your Atlassian applications, (and any other apps that conform to the OpenID format). As part of configuring Crowd, you can set different access parameters for each application so that only the intended users are able to access them and each application can have different access parameters.

Unfortunately though, SSO cannot be implemented just through the confluence config, and whilst there is a plugin for SSO I suspect that it will go beyond your requirements: https://marketplace.atlassian.com/plugins/com.appfusions.confluence.sso.confluence-sso-authenticator

Therefore I would recommend you investigate Crowd as a solution for this implementation.

All the best,
John

I am willing to go with Crowd, however I need to know will users still have to log into Crowd? I want to have a completely transparent login process.

Not needed, once the user is logged in to the Windows machine, it will be directly used for Confluence.

Can anyone else follow up with this? To clarify, I need a completely transparent login process for Confluence but still have the ability to log in as another user/log out if need by or to still have anonymous access to certain spaces.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 24, 2018 in Confluence

Atlassian Research opportunity with Confluence templates

Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time!   We're looking for people to participate in a   remote 1-hr workshop...

1,095 views 17 14
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you